CVE-2026-42096
Status: Awaiting Analysis
Broken Access Control in Sparx Pro Cloud Server

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: CERT.PL

Description
Sparx Pro Cloud Server is vulnerable to Broken Access Control in its communication with the database. Due to a lack of permission checks, any low-privileged user can run arbitrary SQL queries in the context of the database user. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Generated: 2026-05-20
AI Q&A generated: 2026-05-19
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: sparxsystems
Product: pro_cloud_server
Version / Range: up to and including 6.1
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in Sparx Pro Cloud Server is a Broken Access Control issue in the server's communication with its database. Because the server does not check what the calling user is permitted to do, any user with low privileges can execute arbitrary SQL queries with the rights of the database account the server uses to connect. The attacker's own application-level role is irrelevant; only the database account's permissions bound what the queries can do.


How can this vulnerability impact me?

This vulnerability allows low privileged users to run arbitrary SQL queries on the database, which can lead to unauthorized data access, data modification, or data deletion. This can compromise the integrity, confidentiality, and availability of the database and potentially the entire system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Sparx Pro Cloud Server allows low privileged users to run arbitrary SQL queries due to broken access control, which can lead to unauthorized access or manipulation of sensitive data.

Such unauthorized database access can compromise the confidentiality and integrity of personal or sensitive information, potentially violating compliance requirements under standards like GDPR and HIPAA that mandate strict access controls and data protection measures.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is confirmed in Sparx Pro Cloud Server version 6.1 (build 167) and below. Since the vendor has not provided details about the vulnerable version range or a fix, the immediate mitigation is to reduce who can reach the server and what its database account can do.

  • Upgrade to a version above 6.1 (build 167) if one is available, but treat this as unconfirmed: the advisory tested only 6.1 (build 167) and below, and later versions were not tested and might also be vulnerable.
  • Restrict which accounts can authenticate to the Pro Cloud Server, since any authenticated low-privileged user is enough to trigger the issue.
  • Run the server against a database account with the minimum grants it needs (and monitor its query activity), so that arbitrary SQL executed through the server is bounded by that account's permissions rather than by the application's own checks.
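
The weakness class described above, as an added illustration that is not Pro Cloud Server code (how that product forwards queries is not public) and not CERT.PL's proof of concept: a query endpoint that authenticates the caller but never authorizes the operation, beside a hardened version that only accepts named operations mapped to fixed parameterized statements with a role check and an audit record. The table names, roles, users and rows are constructed sample data.

```python
"""Added illustration of CWE-863 on a database query endpoint.

This is NOT Pro Cloud Server code: how that product forwards queries is
not public. Table names, roles and rows below are constructed sample data.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed role names: "viewer" or "admin"


class AuthorizationError(PermissionError):
    """Raised when a caller is authenticated but not authorized."""


AUDIT: list[tuple[str, str, str]] = []  # (user, operation, outcome), for monitoring


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed rows standing in for a real schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE models (id INTEGER PRIMARY KEY, name TEXT, owner TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT);
        INSERT INTO models VALUES (1, 'Payments', 'alice'), (2, 'HR', 'bob');
        INSERT INTO users  VALUES (1, 'alice', 'h1'), (2, 'bob', 'h2');
    """)
    return conn


def run_query_vulnerable(conn: sqlite3.Connection, user: User, sql: str) -> list:
    """Vulnerable pattern: the caller is authenticated (we have a User) but the
    handler never checks what that user may do. Whatever SQL the client sends
    runs with the full rights of the server's database connection."""
    return conn.execute(sql).fetchall()


# Hardened pattern: the client names an operation, never raw SQL. Each
# operation maps to a fixed parameterized statement, the roles allowed to run
# it, and a function that derives the bind parameters from the verified user
# rather than from client input.
ALLOWED_OPERATIONS = {
    "my_models": ("SELECT id, name FROM models WHERE owner = ?",
                  {"viewer", "admin"}, lambda u: (u.name,)),
    "all_users": ("SELECT id, name FROM users",
                  {"admin"}, lambda u: ()),
}


def run_query_hardened(conn: sqlite3.Connection, user: User, op: str) -> list:
    """Authorization check performed before any SQL reaches the database."""
    entry = ALLOWED_OPERATIONS.get(op)
    if entry is None or user.role not in entry[1]:
        AUDIT.append((user.name, op, "denied"))
        raise AuthorizationError(f"{user.name} ({user.role}) may not run {op!r}")
    sql, _roles, params_for = entry
    AUDIT.append((user.name, op, "allowed"))
    return conn.execute(sql, params_for(user)).fetchall()


def demo():
    """Run both handlers as a low-privileged user and return what each allowed."""
    viewer, admin = User("bob", "viewer"), User("alice", "admin")

    conn = build_demo_db()
    # Confidentiality: a viewer reads every password hash.
    leaked = run_query_vulnerable(conn, viewer, "SELECT name, pw_hash FROM users")
    # Integrity/availability: the same viewer deletes every model.
    run_query_vulnerable(conn, viewer, "DELETE FROM models")
    models_left = conn.execute("SELECT COUNT(*) FROM models").fetchone()[0]

    conn = build_demo_db()
    own_models = run_query_hardened(conn, viewer, "my_models")
    user_list = run_query_hardened(conn, admin, "all_users")
    try:
        run_query_hardened(conn, viewer, "all_users")
        viewer_denied = False
    except AuthorizationError:
        viewer_denied = True
    return leaked, models_left, own_models, user_list, viewer_denied


if __name__ == "__main__":
    print(demo())
```

The hardened handler is only one layer: if the application check is ever bypassed, what an attacker can do is still bounded by the grants of the database account the server connects with, which is why running that account with least privilege and monitoring its query activity is listed as a mitigation in its own right.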
